CVE-2016-2788

Опубликовано: 13 фев. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.

Ссылки

https://puppet.com/security/cve/cve-2016-2788
Vendor Advisory
https://puppet.com/security/cve/cve-2016-2788
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:puppet:marionette_collective:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:puppet:marionette_collective:2.8.0:*:*:*:*:*:*:*

cpe:2.3:a:puppet:marionette_collective:2.8.1:*:*:*:*:*:*:*

cpe:2.3:a:puppet:marionette_collective:2.8.2:*:*:*:*:*:*:*

cpe:2.3:a:puppet:marionette_collective:2.8.3:*:*:*:*:*:*:*

cpe:2.3:a:puppet:marionette_collective:2.8.4:*:*:*:*:*:*:*

cpe:2.3:a:puppet:marionette_collective:2.8.5:*:*:*:*:*:*:*

cpe:2.3:a:puppet:marionette_collective:2.8.6:*:*:*:*:*:*:*

cpe:2.3:a:puppet:marionette_collective:2.8.7:*:*:*:*:*:*:*

cpe:2.3:a:puppet:marionette_collective:2.8.8:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*

Версия от 3.8.0 (включая) до 3.8.6 (исключая)

cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*

Версия от 2016.2.0 (включая) до 2016.2.1 (исключая)

EPSS

Процентиль: 83%

0.01957

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-284

Связанные уязвимости

CVE-2016-2788

CVSS3: 9.8

ubuntu

почти 9 лет назад

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.

CVE-2016-2788

CVSS3: 6.1

redhat

больше 9 лет назад

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.

CVE-2016-2788

CVSS3: 9.8

debian

почти 9 лет назад

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise ...

GHSA-v3fx-f8x7-f9vf

CVSS3: 9.8

github

больше 3 лет назад

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.

EPSS

Процентиль: 83%

0.01957

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-284